{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3663", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-06T20:34:39.952Z", "datePublished": "2026-03-07T14:32:09.897Z", "dateUpdated": "2026-03-11T16:29:23.238Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-07T14:32:09.897Z"}, "title": "xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "xlnt-community", "product": "xlnt", "versions": [{"version": "1.6.0", "status": "affected"}, {"version": "1.6.1", "status": "affected"}], "modules": ["XLSX File Parser"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-03-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-06T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-06T21:39:52.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.349552", "name": "VDB-349552 | xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349552", "name": "VDB-349552 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.764644", "name": "Submit #764644 | xlnt-community xlnt commit bceb706 and before Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xlnt-community/xlnt/issues/139", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0128/blob/main/xl3/repro", "tags": ["exploit"]}, {"url": "https://github.com/xlnt-community/xlnt/pull/147", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/xlnt-community/xlnt/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T16:15:09.537284Z", "id": "CVE-2026-3663", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T16:29:23.238Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T16:15:09.537284Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T16:15:17.006Z"}}], "cna": {"title": "xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "xlnt-community", "modules": ["XLSX File Parser"], "product": "xlnt", "versions": [{"status": "affected", "version": "1.6.0"}, {"status": "affected", "version": "1.6.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-06T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-06T21:39:52.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.349552", "name": "VDB-349552 | xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349552", "name": "VDB-349552 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.764644", "name": "Submit #764644 | xlnt-community xlnt commit bceb706 and before Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xlnt-community/xlnt/issues/139", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0128/blob/main/xl3/repro", "tags": ["exploit"]}, {"url": "https://github.com/xlnt-community/xlnt/pull/147", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/xlnt-community/xlnt/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-07T14:32:09.897Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3663", "state": "PUBLISHED", "dateUpdated": "2026-03-11T16:29:23.238Z", "dateReserved": "2026-03-06T20:34:39.952Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-07T14:32:09.897Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xlnt-community:xlnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B381094-639E-4E21-8CB0-60C480F02400", "versionEndIncluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en xlnt-community xlnt hasta la versi\u00f3n 1.6.1. Este problema afecta a la funci\u00f3n xlnt::detail::compound_document_istreambuf::xsgetn del archivo source/detail/cryptography/compound_document.cpp del componente XLSX File Parser. Realizar una manipulaci\u00f3n resulta en una lectura fuera de l\u00edmites. El ataque solo es posible con acceso local. El exploit se ha hecho p\u00fablico y podr\u00eda ser utilizado. El parche se llama 147. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2026-3663", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-07T15:15:56.020", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/oneafter/0128/blob/main/xl3/repro"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/xlnt-community/xlnt/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/xlnt-community/xlnt/issues/139"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/xlnt-community/xlnt/pull/147"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.349552"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.349552"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.764644"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "xlnt", "source": "cna", "vendor": "xlnt-community"}, "product": "xlnt", "vendor": "xlnt-community"}], "analysis": {"en": {"generated_at": "2026-04-16T10:57:28.702459+00:00", "value": {"mitigation_remediation": ["Upgrade xlnt to version 1.6.2 or later, which includes the fix from pull request 147.", "If the library cannot be upgraded immediately, merge the changes from PR 147 into your source tree and rebuild the application with the updated code.", "Restrict local processing of XLSX files to trusted users only or run the parser in a sandboxed environment with limited filesystem access to prevent an attacker from placing a malicious file at a read\u2011accessible location."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure via Out\u2011of\u2011Bounds Read"}, "threat_synthesis": {"affected_systems": "The xlnt\u2011community xlnt library, versions up to and including 1.6.1, is affected. Users integrating this library in any application that parses XLSX files may be vulnerable if they have local file access to the target system. No specific operating system or platform constraints are reported, so the impact is applicable wherever the vulnerable library is deployed.", "description_and_impact": "A flaw in the xlnt Excel XLSX parser allows a local user to trigger an out\u2011of\u2011bounds read in the compound_document_istreambuf::xsgetn function. The vulnerability is triggered by supplying a specially crafted input file, and it results in reading memory beyond the intended buffer boundaries. This can expose sensitive data stored in adjacent memory, potentially leading to information disclosure. The flaw is classified as a buffer overread (CWE\u2011119 and CWE\u2011125).", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild at present. The vulnerability is not listed in the CISA KEV catalogue, further indicating limited exploitation evidence. The attack requires local access, which limits the threat surface but still poses risk to environments where the library handles untrusted input locally."}}}}, "created": "2026-03-09T10:05:26.326406+00:00", "updated": "2026-04-16T11:00:10.674945+00:00", "vendors": ["xlnt-community", "xlnt-community$PRODUCT$xlnt"]}